
CVSS: 9.1 | EPSS: 0% | CPEs: - | EXPL: 0

An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component.
• https://github.com/CveSecLook/cve/issues/16
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: - | EXPL: 1

An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to /boaform/getASPdata/formFirewall or /boaform/getASPdata/formAcc.
• https://github.com/Athos-Zago/CVE-2024-30973
• https://github.com/Athos-Zago/CVE-2024-30973/tree/main
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as name, description, shortcuts), web apps were able to inject additional lines into XDG Desktop Entries (on Linux) and `AppInfo.ini` (on PortableApps.com). This allowed malicious web apps to introduce keys like `Exec`, which could run arbitrary code when the affected web app was launched. This vulnerability affects all Linux and PortableApps.com users of all PWAsForFirefox versions up to (excluding) 2.12.0. Windows and macOS users are not affected.
• https://github.com/filips123/PWAsForFirefox/commit/9932d4b289631d447f88ace09a2fabafe4cd5bd5
• https://github.com/filips123/PWAsForFirefox/releases/tag/v2.12.0
• https://github.com/filips123/PWAsForFirefox/security/advisories/GHSA-jmhv-m7v5-g5jq
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
• CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
• CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

`--delim`, `--buf-size`, `--manpath`) are passed through Python's `eval`, allowing arbitrary code execution.
• https://github.com/tqdm/tqdm/commit/4e613f84ed2ae029559f539464df83fa91feb316
• https://github.com/tqdm/tqdm/security/advisories/GHSA-g7vv-2v7x-gj9p
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PA3GIGHPWAHCTT4UF57LTPZGWHAX3GW6
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRECVQCCESHBS3UJOWNXQUIX725TKNY6
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VA337CYUS4SLRFV2P6MX6MZ2LKFURKJC
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 6.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and can potentially lead to arbitrary code execution on the machine/endpoint on which the JDBC driver (client) is running.
• http://www.openwall.com/lists/oss-security/2024/05/03/3
• https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81
• CWE-94: Improper Control of Generation of Code ('Code Injection')